Class: Aws::SSM::Types::BaselineOverride

Inherits:
Struct
  • Object
show all
Includes:
Aws::Structure
Defined in:
lib/aws-sdk-ssm/types.rb

Overview

Note:

When making an API call, you may pass BaselineOverride data as a hash:

{
  operating_system: "WINDOWS", # accepts WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS, RASPBIAN
  global_filters: {
    patch_filters: [ # required
      {
        key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
        values: ["PatchFilterValue"], # required
      },
    ],
  },
  approval_rules: {
    patch_rules: [ # required
      {
        patch_filter_group: { # required
          patch_filters: [ # required
            {
              key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
              values: ["PatchFilterValue"], # required
            },
          ],
        },
        compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
        approve_after_days: 1,
        approve_until_date: "PatchStringDateTime",
        enable_non_security: false,
      },
    ],
  },
  approved_patches: ["PatchId"],
  approved_patches_compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
  rejected_patches: ["PatchId"],
  rejected_patches_action: "ALLOW_AS_DEPENDENCY", # accepts ALLOW_AS_DEPENDENCY, BLOCK
  approved_patches_enable_non_security: false,
  sources: [
    {
      name: "PatchSourceName", # required
      products: ["PatchSourceProduct"], # required
      configuration: "PatchSourceConfiguration", # required
    },
  ],
}

Defines the basic information about a patch baseline override.

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#approval_rulesTypes::PatchRuleGroup

A set of rules defining the approval rules for a patch baseline.


1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#approved_patchesArray<String>

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see [About package name formats for approved and rejected patch lists] in the *Amazon Web Services Systems Manager User Guide*.

[1]: docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html

Returns:

  • (Array<String>)

1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#approved_patches_compliance_levelString

Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation.

Returns:

  • (String)

1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#approved_patches_enable_non_securityBoolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is `false`. Applies to Linux managed nodes only.

Returns:

  • (Boolean)

1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#global_filtersTypes::PatchFilterGroup

A set of patch filters, typically used for approval rules.


1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#operating_systemString

The operating system rule used by the patch baseline override.

Returns:

  • (String)

1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#rejected_patchesArray<String>

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see [About package name formats for approved and rejected patch lists] in the *Amazon Web Services Systems Manager User Guide*.

[1]: docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html

Returns:

  • (Array<String>)

1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#rejected_patches_actionString

The action for Patch Manager to take on patches included in the `RejectedPackages` list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.

Returns:

  • (String)

1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end

#sourcesArray<Types::PatchSource>

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

Returns:


1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
# File 'lib/aws-sdk-ssm/types.rb', line 1663

class BaselineOverride < Struct.new(
  :operating_system,
  :global_filters,
  :approval_rules,
  :approved_patches,
  :approved_patches_compliance_level,
  :rejected_patches,
  :rejected_patches_action,
  :approved_patches_enable_non_security,
  :sources)
  SENSITIVE = []
  include Aws::Structure
end